In the 90s, network management was mostly about whats up or down and bandwidth shortages and slowness were often addressed by bringing in bigger connections with more bandwidth or upgrading servers and end systems. Overtime, we have realized that by gaining a bit of insight into the traffic patterns, we can sometimes avoid costly upgrades.
“companies that manage application performance have fewer complaints from end users and, faster time to repair application issues. They also can build applications that are easier to use and require fewer IT resources to support.”
Jeffrey Hill – Aberdeen Group
Determining a “why is it so slow” issue may involve one or more of the following:
- Is it caused by bandwidth contention
- Is it the end system resources?
- Is the server overwhelmed
As pointed out by Jeffrey Hill, monitoring application performance can lead to a faster MTTR (mean time to repair) and ultimately result in happier end users. The benefits are obvious but, how can we troubleshoot application slowness using NetFlow or IPFIX?
Traditionally, Cisco NetFlow Technology has been used to export details on connections with a primary focus on bytes transferred. With this in mind, NetFlow and IPFIX collection has been very useful for determining:
- The amount of connections to a server
- The ports it was communicating on
- The total amount of bytes to and from the server
Loaded with the above information, we could often deduce the source of a latency problem however, there are plenty of troubleshoots where the above simply doesn’t provide enough insight on performance (i.e. network performance). With the emerging cloud computing technology, monitoring cloud services for performance issues is clearly going to be a concern.
The nProbe was the first NetFlow probe or IPFIX solution to export details on latency specific to end systems, servers and applications. Next came Cisco Performance Monitoring for Medianets and at about the same time Sonicwall IPFIX exports were releasing similar information. Most recently Citrix AppFlow has joined the list. Not only do these vendors provide latency details on TCP connections, many also provide insight for VoIP traffic monitoring. Details include jitter, packet loss, codec, caller id and more.
Since NetFlow v5, the technology has included the subnet prefix which enables NetFlow and IPFIX reporting tools to empower network administrators to view network performance issues by subnet. This is all after filtering down to see only the targeted data inclusive of specific interfaces or even URLs specific to cloud services. Yes, all with NetFlow or IPFIX.
NetFlow and IPFIX have come a long way to aid in network traffic analysis. Make sure your NetFlow solution can take traffic analysis to another level by including details on network connection latency.